Store all check-in attempts, not only successful ones (#2074)

2026-05-03 14:54:04 +00:00 · 2021-06-05 13:00:58 +02:00
parent 9c3fc69176
commit c7ef79be90
29 changed files with 849 additions and 66 deletions
--- a/src/pretix/api/auth/devicesecurity.py
+++ b/src/pretix/api/auth/devicesecurity.py
@@ -59,6 +59,7 @@ class PretixScanSecurityProfile(AllowListSecurityProfile):
        ('GET', 'api-v1:badgeitem-list'),
        ('GET', 'api-v1:checkinlist-list'),
        ('GET', 'api-v1:checkinlist-status'),
+        ('POST', 'api-v1:checkinlist-failed_checkins'),
        ('GET', 'api-v1:checkinlistpos-list'),
        ('POST', 'api-v1:checkinlistpos-redeem'),
        ('GET', 'api-v1:revokedsecrets-list'),
@@ -89,6 +90,7 @@ class PretixScanNoSyncSecurityProfile(AllowListSecurityProfile):
        ('GET', 'api-v1:badgeitem-list'),
        ('GET', 'api-v1:checkinlist-list'),
        ('GET', 'api-v1:checkinlist-status'),
+        ('POST', 'api-v1:checkinlist-failed_checkins'),
        ('POST', 'api-v1:checkinlistpos-redeem'),
        ('GET', 'api-v1:revokedsecrets-list'),
        ('GET', 'api-v1:orderposition-pdf_image'),
--- a/src/pretix/api/auth/permission.py
+++ b/src/pretix/api/auth/permission.py
@@ -49,7 +49,9 @@ class EventPermission(BasePermission):
        if not request.user.is_authenticated and not isinstance(request.auth, (Device, TeamAPIToken)):
            return False

-        if request.method not in SAFE_METHODS and hasattr(view, 'write_permission'):
+        if hasattr(view, '_get_permission_name'):
+            required_permission = getattr(view, '_get_permission_name')(request)
+        elif request.method not in SAFE_METHODS and hasattr(view, 'write_permission'):
            required_permission = getattr(view, 'write_permission')
        elif hasattr(view, 'permission'):
            required_permission = getattr(view, 'permission')